Non-major authorised deposit-taking institutions (ADIs) will be required to join the big four banks as data holders under the consumer data right (CDR) scheme. As data holders, institutions will initially need to share data on savings and transaction accounts, as well as credit and debit cards with individuals if they request it. That data will also be available to the handful of data recipients that have been accredited by the Australian Competition and Consumer Commission to use the data to provide product or service.
A phased approach will then see ADIs share data for home loans and personal loans from November 2021, followed by other loans and lines of credit, trusts and retirement accounts from February 2022. The Commonwealth Bank, ANZ, Westpac and NAB have been sharing this consumer data under phases one, two, and three of the scheme since February 2021 after first joining the CDR in July 2020.
But even as the CDR enters its next phase, only a handful of tier two lenders have currently signed on as data holders, with the remainder delaying their entry – some by up to 18 months. In addition to the big four banks, ten additional ADIs – and their respective brands – had become data holders at the time of publication (July 2021).
Two of these, including Regional Australia Bank – which became a data holder late in 2020 – and Australian Military Bank (including RSL Money), have done so using fintech Biza.io’s CDR solution. Macquarie Bank, Suncorp, Citgroup, AMP, Judo Bank, eftpos provider Tyro, and neobanks Up and Volt have also become last-minute data holders, which the ACCC’s website shows has occurred in June 2021. The full list can be found here.
Many of the remaining banks and credit unions have, however, had exemptions approved by the ACCC that push out their entry to the scheme until July 2022 or later. ME Bank – which was recently bought by the Bank of Queensland – became one of the latest institutions to be granted an exemption at the end of June 2021.
The exemption will see the bank defer the ‘commencement dates of its phase one, phase two, and direct-to-consumer data sharing obligations until July 1 2022’. Other banks and credit unions to receive exemptions in 2021 include Bendigo and Adelaide Bank, IMB, Police Bank, Arab Bank Australia, and G&C Mutual Bank.
A challenge some institutions have faced is the current requirement that each joint account holder authorise the sharing of data before it can occur. Treasury is currently looking to rectify this by ensuring any account holder can ‘authorise the sharing of account data by default unless one or both account holders choose to opt-out’.
As part of this consultation, the central agency is also looking at relaxing data access arrangements for the scheme, including by opening new pathways for businesses to obtain data. At present, only nine data recipients are accredited to ingest data, including the Commonwealth Bank, Frollo, Regional Australia Bank, Ezidox, Yodlee, Adatree, illion, and Intuit.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now